Fix crowdsec install order

2026-01-21 17:31:34 +01:00 · 2025-06-02 20:46:23 +02:00 · 2025-06-02 20:46:23 +02:00 · 219a9099a3
commit 219a9099a3
parent 22bdc1d19b
2 changed files with 14 additions and 9 deletions
--- a/modules/system/services/crowdsec/default.nix
+++ b/modules/system/services/crowdsec/default.nix
@ -63,9 +63,9 @@ in
        ];
    };

-    systemd.services.crowdsec.preStart =
+    systemd.services.crowdsec.serviceConfig.ExecStartPre =
      let
-        addCollection = collection: ''
+        installCollection = collection: ''
          if ! cscli collections list | grep -q "${collection}"; then
            cscli collections install ${collection}
          fi
@ -78,7 +78,9 @@ in
        (lib.optional (lib.elem "iptables" cfg.sources) "crowdsecurity/iptables")
      ]
      |> lib.flatten
-      |> lib.map addCollection
-      |> lib.concatLines;
+      |> lib.map installCollection
+      |> lib.concatLines
+      |> (text: pkgs.writeShellScript "crowdsec-install-collections" "set -e\n${text}")
+      |> lib.mkAfter;
  };
 }
--- a/modules/system/services/crowdsec/firewall-bouncer.nix
+++ b/modules/system/services/crowdsec/firewall-bouncer.nix
@ -23,10 +23,13 @@ in
      };
    };

-    systemd.services.crowdsec.preStart = ''
-      if ! cscli bouncers list | grep -q "firewall"; then
-        cscli bouncers add "firewall" --key "cs-firewall-bouncer"
-      fi
-    '';
+    systemd.services.crowdsec.serviceConfig.ExecStartPre = lib.mkAfter (
+      pkgs.writeShellScript "crowdsec-add-bouncer" ''
+        set -e
+        if ! cscli bouncers list | grep -q "firewall"; then
+          cscli bouncers add "firewall" --key "cs-firewall-bouncer"
+        fi
+      ''
+    );
  };
 }